Exemplos de WindowsHeader em C# (CSharp)

Linguagem de programação: C# (CSharp)

Classe / Tipo: WindowsHeader

Exemplos em hotexamples.com: 2

WindowsHeader em C# (CSharp) - 2 exemplos encontrados. Esses são os exemplos do mundo real mais bem avaliados de WindowsHeader em C# (CSharp) extraídos de projetos de código aberto. Você pode avaliar os exemplos para nos ajudar a melhorar a qualidade deles.

Relacionados

BroadcastEventType

IVsUserContext

FormTareasCaso

ConnectionParameter

AbsMaxArrayComparer

Question.Verified

Location

AddFieldDefinitionUpdateAction

App

Related in langs

fn_get_store_locations (PHP)

Asset (PHP)

GetInstanceName (C++)

gegl_node_detect (C++)

RunCommand (Go)

Set (Go)

ElevatorInBit (Java)

Container (Java)

map_setup (Python)

makeFaceFromWire (Python)

Exemplo n.º 1

0

Exibir arquivo

static WindowsHeader64 ToPlus(WindowsHeader header) { return(new WindowsHeader64 { imageBase = header.imageBase, sectionAlignment = header.sectionAlignment, fileAlignment = header.fileAlignment, majorOperatingSystemVersion = header.majorOperatingSystemVersion, minorOperatingSystemVersion = header.minorOperatingSystemVersion, majorImageVersion = header.majorImageVersion, minorImageVersion = header.minorImageVersion, majorSubsystemVersion = header.majorSubsystemVersion, minorSubsystemVersion = header.minorSubsystemVersion, win32VersionValue = header.win32VersionValue, sizeOfImage = header.sizeOfImage, sizeOfHeaders = header.sizeOfHeaders, checksum = header.checksum, subsystem = header.subsystem, dllCharacteristics = header.dllCharacteristics, sizeOfStackReserve = header.sizeOfStackReserve, sizeOfStackCommit = header.sizeOfStackCommit, sizeOfHeapReserve = header.sizeOfHeapReserve, sizeOfHeapCommit = header.sizeOfHeapCommit, loaderFlags = header.loaderFlags, numberOfRvaAndSizes = header.numberOfRvaAndSizes }); }

Exemplo n.º 2

0

Exibir arquivo

void Initialize() { Recognized = false; if (BaseStream == null) { return; } baseExecutable = new MZ(BaseStream); if (!baseExecutable.Recognized) { return; } if (baseExecutable.Header.new_offset >= BaseStream.Length) { return; } BaseStream.Seek(baseExecutable.Header.new_offset, SeekOrigin.Begin); byte[] buffer = new byte[Marshal.SizeOf(typeof(PEHeader))]; BaseStream.Read(buffer, 0, buffer.Length); IntPtr hdrPtr = Marshal.AllocHGlobal(buffer.Length); Marshal.Copy(buffer, 0, hdrPtr, buffer.Length); header = (PEHeader)Marshal.PtrToStructure(hdrPtr, typeof(PEHeader)); Marshal.FreeHGlobal(hdrPtr); Recognized = header.signature == SIGNATURE; if (!Recognized) { return; } Type = "Portable Executable (PE)"; if (header.coff.optionalHeader.magic == PE32Plus) { BaseStream.Position -= 4; buffer = new byte[Marshal.SizeOf(typeof(WindowsHeader64))]; BaseStream.Read(buffer, 0, buffer.Length); hdrPtr = Marshal.AllocHGlobal(buffer.Length); Marshal.Copy(buffer, 0, hdrPtr, buffer.Length); winHeader = (WindowsHeader64)Marshal.PtrToStructure(hdrPtr, typeof(WindowsHeader64)); Marshal.FreeHGlobal(hdrPtr); } else { buffer = new byte[Marshal.SizeOf(typeof(WindowsHeader))]; BaseStream.Read(buffer, 0, buffer.Length); hdrPtr = Marshal.AllocHGlobal(buffer.Length); Marshal.Copy(buffer, 0, hdrPtr, buffer.Length); WindowsHeader hdr32 = (WindowsHeader)Marshal.PtrToStructure(hdrPtr, typeof(WindowsHeader)); Marshal.FreeHGlobal(hdrPtr); winHeader = ToPlus(hdr32); } OperatingSystem reqOs = new OperatingSystem(); switch (winHeader.subsystem) { case Subsystems.IMAGE_SUBSYSTEM_UNKNOWN: reqOs.Name = "Unknown"; break; case Subsystems.IMAGE_SUBSYSTEM_NATIVE: reqOs.Name = "Windows NT"; reqOs.Subsystem = "Native"; break; case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_GUI: reqOs.Name = winHeader.majorSubsystemVersion <= 3 ? "Windows NT" : "Windows"; reqOs.Subsystem = "GUI"; break; case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_CUI: reqOs.Name = winHeader.majorSubsystemVersion <= 3 ? "Windows NT" : "Windows"; reqOs.Subsystem = "Console"; break; case Subsystems.IMAGE_SUBSYSTEM_OS2_CUI: reqOs.Name = "Windows NT"; reqOs.Subsystem = "OS/2"; break; case Subsystems.IMAGE_SUBSYSTEM_POSIX_CUI: reqOs.Name = "Windows NT"; reqOs.Subsystem = "POSIX"; break; case Subsystems.IMAGE_SUBSYSTEM_NATIVE_WINDOWS: reqOs.Name = "Windows"; reqOs.Subsystem = "Native"; break; case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_CE_GUI: reqOs.Name = "Windows CE"; break; case Subsystems.IMAGE_SUBSYSTEM_EFI_APPLICATION: case Subsystems.IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: case Subsystems.IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: case Subsystems.IMAGE_SUBSYSTEM_EFI_ROM: reqOs.Name = "EFI"; break; case Subsystems.IMAGE_SUBSYSTEM_XBOX: reqOs.Name = "Xbox OS"; break; case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION: reqOs.Name = "Windows NT"; reqOs.Subsystem = "Boot environment"; break; default: reqOs.Name = $"Unknown code ${(ushort)winHeader.subsystem}"; break; } reqOs.MajorVersion = winHeader.majorSubsystemVersion; reqOs.MinorVersion = winHeader.minorSubsystemVersion; RequiredOperatingSystem = reqOs; buffer = new byte[Marshal.SizeOf(typeof(ImageDataDirectory))]; directoryEntries = new ImageDataDirectory[winHeader.numberOfRvaAndSizes]; for (int i = 0; i < directoryEntries.Length; i++) { BaseStream.Read(buffer, 0, buffer.Length); directoryEntries[i] = BigEndianMarshal.ByteArrayToStructureLittleEndian <ImageDataDirectory>(buffer); } buffer = new byte[Marshal.SizeOf(typeof(COFF.SectionHeader))]; sectionHeaders = new COFF.SectionHeader[header.coff.numberOfSections]; for (int i = 0; i < sectionHeaders.Length; i++) { BaseStream.Read(buffer, 0, buffer.Length); sectionHeaders[i] = BigEndianMarshal.ByteArrayToStructureLittleEndian <COFF.SectionHeader>(buffer); } Dictionary <string, COFF.SectionHeader> newSectionHeaders = sectionHeaders.ToDictionary(section => section.name); for (int i = 0; i < directoryEntries.Length; i++) { string tableName; switch (i) { case 0: tableName = ".edata"; break; case 1: tableName = ".idata"; break; case 2: tableName = ".rsrc"; break; case 3: tableName = ".pdata"; break; case 5: tableName = ".reloc"; break; case 6: tableName = ".debug"; break; case 9: tableName = ".tls"; break; case 14: tableName = ".cormeta"; break; default: continue; } if (newSectionHeaders.ContainsKey(tableName)) { continue; } if (directoryEntries[i].rva == 0) { continue; } newSectionHeaders.Add(tableName, new COFF.SectionHeader { characteristics = COFF.SectionFlags.IMAGE_SCN_CNT_INITIALIZED_DATA | COFF.SectionFlags.IMAGE_SCN_MEM_READ, name = tableName, pointerToRawData = RvaToReal(directoryEntries[i].rva, sectionHeaders), virtualAddress = directoryEntries[i].rva, sizeOfRawData = directoryEntries[i].size, virtualSize = directoryEntries[i].size }); } List <byte> chars; List <string> strings = new List <string>(); if (newSectionHeaders.TryGetValue(".edata", out COFF.SectionHeader edata)) { buffer = new byte[Marshal.SizeOf(typeof(ExportDirectoryTable))]; BaseStream.Position = edata.pointerToRawData; BaseStream.Read(buffer, 0, buffer.Length); ExportDirectoryTable edataTable = BigEndianMarshal.ByteArrayToStructureLittleEndian <ExportDirectoryTable>(buffer); BaseStream.Position = RvaToReal(edataTable.nameRva, sectionHeaders); chars = new List <byte>(); while (true) { int ch = BaseStream.ReadByte(); if (ch <= 0) { break; } chars.Add((byte)ch); } moduleName = Encoding.ASCII.GetString(chars.ToArray()); uint[] namePointers = new uint[edataTable.numberOfNamePointers]; exportedNames = new string[edataTable.numberOfNamePointers]; buffer = new byte[Marshal.SizeOf(typeof(uint)) * edataTable.numberOfNamePointers]; BaseStream.Position = RvaToReal(edataTable.namePointerRva, sectionHeaders); BaseStream.Read(buffer, 0, buffer.Length); for (int i = 0; i < edataTable.numberOfNamePointers; i++) { namePointers[i] = BitConverter.ToUInt32(buffer, i * 4); BaseStream.Position = RvaToReal(namePointers[i], sectionHeaders); chars = new List <byte>(); while (true) { int ch = BaseStream.ReadByte(); if (ch <= 0) { break; } chars.Add((byte)ch); } exportedNames[i] = Encoding.ASCII.GetString(chars.ToArray()); } } if (newSectionHeaders.TryGetValue(".idata", out COFF.SectionHeader idata)) { buffer = new byte[Marshal.SizeOf(typeof(ImportDirectoryTable))]; BaseStream.Position = idata.pointerToRawData; List <ImportDirectoryTable> importDirectoryEntries = new List <ImportDirectoryTable>(); while (true) { BaseStream.Read(buffer, 0, buffer.Length); if (buffer.All(b => b == 0)) { break; } importDirectoryEntries.Add(BigEndianMarshal .ByteArrayToStructureLittleEndian <ImportDirectoryTable>(buffer)); } importedNames = new string[importDirectoryEntries.Count]; for (int i = 0; i < importDirectoryEntries.Count; i++) { BaseStream.Position = RvaToReal(importDirectoryEntries[i].nameRva, sectionHeaders); chars = new List <byte>(); while (true) { int ch = BaseStream.ReadByte(); if (ch <= 0) { break; } chars.Add((byte)ch); } importedNames[i] = Encoding.ASCII.GetString(chars.ToArray()); // BeOS R3 uses PE with no subsystem if (importedNames[i].ToLower() == "libbe.so") { reqOs.MajorVersion = 3; reqOs.MinorVersion = 0; reqOs.Subsystem = null; reqOs.Name = "BeOS"; RequiredOperatingSystem = reqOs; } // Singularity appears as a native NT executable else if (importedNames[i].ToLower() == "singularity.v1.dll") { reqOs.MajorVersion = 1; reqOs.MinorVersion = 0; reqOs.Subsystem = null; reqOs.Name = "Singularity"; RequiredOperatingSystem = reqOs; } } } if (newSectionHeaders.TryGetValue(".debug", out COFF.SectionHeader debug) && debug.virtualAddress > 0) { buffer = new byte[Marshal.SizeOf(typeof(DebugDirectory))]; BaseStream.Position = debug.pointerToRawData; BaseStream.Read(buffer, 0, buffer.Length); debugDirectory = BigEndianMarshal.ByteArrayToStructureLittleEndian <DebugDirectory>(buffer); } if (newSectionHeaders.TryGetValue(".rsrc", out COFF.SectionHeader rsrc)) { if (reqOs.Name == "BeOS") { newSectionHeaders.Remove(".rsrc"); rsrc.pointerToRawData = rsrc.virtualAddress; long maxPosition = BaseStream.Length; foreach (KeyValuePair <string, COFF.SectionHeader> kvp in newSectionHeaders) { if (kvp.Value.pointerToRawData <= maxPosition && kvp.Value.pointerToRawData > rsrc.pointerToRawData) { maxPosition = kvp.Value.pointerToRawData; } } rsrc.sizeOfRawData = (uint)(maxPosition - rsrc.pointerToRawData); rsrc.virtualSize = rsrc.sizeOfRawData; newSectionHeaders.Add(".rsrc", rsrc); buffer = new byte[rsrc.sizeOfRawData]; BaseStream.Position = rsrc.pointerToRawData; BaseStream.Read(buffer, 0, buffer.Length); BeosResources = Resources.Decode(buffer); strings.AddRange(from type in BeosResources where type.type == Consts.B_VERSION_INFO_TYPE from resource in type.resources select BigEndianMarshal .ByteArrayToStructureLittleEndian <VersionInfo>(resource.data) into versionInfo select StringHandlers.CToString(versionInfo.long_info, Encoding.UTF8)); } else { WindowsResourcesRoot = GetResourceNode(BaseStream, rsrc.pointerToRawData, rsrc.virtualAddress, rsrc.pointerToRawData, 0, null, 0); Versions = GetVersions().ToArray(); strings.AddRange(from v in Versions from s in v.StringsByLanguage from k in s.Value select k.Value); foreach (ResourceNode rtype in WindowsResourcesRoot.children.Where(r => r.name == "RT_STRING")) { strings.AddRange(GetStrings(rtype)); } } } sectionHeaders = newSectionHeaders.Values.OrderBy(s => s.pointerToRawData).ToArray(); Segment[] segments = new Segment[sectionHeaders.Length]; for (int i = 0; i < segments.Length; i++) { segments[i] = new Segment { Flags = $"{sectionHeaders[i].characteristics}", Name = sectionHeaders[i].name, Offset = sectionHeaders[i].pointerToRawData, Size = sectionHeaders[i].sizeOfRawData } } ; Segments = segments; strings.Sort(); Strings = strings; }